
@tptacek

I have seen various endorsements of Signal from you, Bruce Schneier, Edward Snowden and so on.

I am honestly curious about how this aligns with the fact that Signal

* has no tests [1],

* has no CI [2].

How can the security of software like Signal be asserted so thoroughly when on the engineering side, basic best practices are not followed and there is no automation that ensures that the important code paths work as expected?

Many Signal features like voice calls, video calls, reliable message delivery, or running-without-crash, break regularly in daily use and with new updates. They have bugs.

What gives us (or you) confidence that the safety-critical aspects of Signal are magically exempt from such frequent bugs?

This is a serious question that concerns me.

Thanks!

(8-year Signal user with upstreamed patches.)

[1] There is a "test" directory, but it is negligible: 900 lines of actual test code in Signal-Android, vs >100k lines Java app source code.

[2] At least I could not find any; tests on `master` did not even compile; see https://github.com/signalapp/Signal-Android/issues/7458#issu...


